To avoid possible man-in-the-middle (MITM) attack, make sure your HTTP response header include appropriate parameters. Protect your website from attacks like XSS or code injection.
The simplest way to do is, create .htaccess in your working directory and insert with following parameters:
<ifModule mod_headers.c>
Header set Strict-Transport-Security "max-age=31536000" env=HTTPS
Header set X-XSS-Protection "1; mode=block"
Header set X-Content-Type-Options nosniff
Header set X-Frame-Options DENY
Header set Referrer-Policy: no-referrer-when-downgrade
Header set Content-Security-Policy "frame-ancestors 'none'; font-src https: data:; img-src https: data:;"
Header always set Permissions-Policy "geolocation=(); midi=();notifications=();push=();sync-xhr=();accelerometer=(); gyroscope=(); magnetometer=(); payment=(); camera=(); microphone=();usb=(); xr=();speaker=(self);vibrate=();fullscreen=(self);"
</ifModule>* Please adjust each header parameter according to your working environment.
To know more about HTTP headers, please visit https://www.loginradius.com/blog/async/http-security-headers/
